Wednesday, September 13, 2023

Media/Surveillance: Meduza Co-Founder's Phone Infected With Pegasus Spyware

From Meduza, September 13:

The million-dollar reporter

How attackers hijacked the phone of Meduza co-founder Galina Timchenko, making her the first Russian journalist to be infected with Pegasus spyware

The public has known for years that governments around the world use software developed by an Israeli cyber-arms company to spy on journalists, opposition politicians, and activists. Investigative journalists published a series of bombshell reports in July 2021 about the widespread abuse of Pegasus, a powerful tool marketed exclusively to state clients for use against only the grisliest criminals. Earlier this summer, Meduza learned that the iPhone of our co-founder and publisher, Galina Timchenko, was infected with Pegasus mere hours before she joined a private conference in Berlin attended by colleagues in the exiled Russian independent media. This is the first confirmed case of a Pegasus attack against a Russian journalist. With help from experts at Access Now and Citizen Lab, Meduza reports what we know about this notorious spyware, how it’s been used in Europe, and which states might have spent millions of dollars to hijack Ms. Timchenko’s phone.

Readers, please be aware of a possible conflict of interest in this report, which focuses on Meduza co-founder and publisher Galina Timchenko. She was not involved in the preparation of this article.

Galina Timchenko hurried to Meduza’s Riga newsroom on June 23. She’d just gotten a call from Alexey, the head of Meduza’s technical division, telling her to come in immediately. His voice was unusually stern, and he didn’t explain the urgency. “He simply spoke in such a way that I understood it as an order,” Timchenko later recalled. “It was clear that something had happened.”

En route to the office, Timchenko wondered if one of her passwords wasn’t secure or if she’d clicked on any suspicious hyperlinks. “I thought I’d done something wrong,” she says.

Alexey was waiting for her at the doorstep. He silently pointed at her bag, which held her phone and computer. “I can’t say anything just yet,” he informed her. “We’re looking into it.” He then took Timchenko’s iPhone and MacBook.

A day earlier, Timchenko had received a curious text message from Apple and forwarded it to Meduza’s tech division. The message was one of Apple’s “threat notifications” about “state-sponsored attackers” — something the company sends to users who are “individually targeted because of who they are or what they do.” “State-sponsored attacks are highly complex, cost millions of dollars to develop, and often have a short shelf life,” Apple explains on its website. 

The notification sent to Timchenko did not identify the state in question.

She says she put the message out of her mind after sharing it with Meduza’s technical team. Galina Timchenko has grown accustomed to such warnings. The Russian authorities have tried to hack or destroy her newsroom’s infrastructure for years. Meduza has weathered denial-of-service attacks and countless phishing attempts. Russia’s federal censor now even blocks the website outright.....

....MUCH MORE

Nasty Business.

Previously: